Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,731
Maven
5,000+
npm
4,332
NuGet
763
pip
4,109
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows... Critical Unreviewed
CVE-2025-32576 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell... Critical Unreviewed
CVE-2025-30967 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote... Critical Unreviewed
CVE-2025-39601 was published Apr 16, 2025
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing... Critical Unreviewed
CVE-2017-16780 was published May 13, 2022
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF... Critical Unreviewed
CVE-2025-2907 was published Apr 26, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows... Critical Unreviewed
CVE-2025-48340 was published May 19, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This... Critical Unreviewed
CVE-2025-53314 was published Jun 27, 2025
Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness Critical
CVE-2021-41275 was published for spree_auth_devise (RubyGems) Nov 18, 2021
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow
Credited to jasnow
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow tdunlap607
Credited to jasnow and tdunlap607
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow dsten56
Credited to jasnow and dsten56
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross... Critical Unreviewed
CVE-2025-54010 was published Jul 16, 2025
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Credited to JLLeitschuh
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross... Critical Unreviewed
CVE-2025-49381 was published Aug 20, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue... Critical Unreviewed
CVE-2025-58997 was published Sep 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code... Critical Unreviewed
CVE-2025-58255 was published Sep 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a... Critical Unreviewed
CVE-2025-60156 was published Sep 26, 2025
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1... Critical Unreviewed
CVE-2024-34502 was published May 5, 2024
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU... Critical Unreviewed
CVE-2025-12479 was published Oct 29, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation... Critical Unreviewed
CVE-2024-45538 was published Dec 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database